estos GmbH Data Privacy Statement
We take data privacy seriously
The protection of your privacy when processing your personal data is a key concern for us. When you visit our website, our web servers automatically store the IP address of your internet service provider, the website from which you visit us, the pages of our website you look at and the date and time of your visit. This information is absolutely essential for the technical transmission of the web pages and secure server operation. A personalized evaluation of this data does not take place.
If you send us information using our contact form, this data is stored on our servers during the course of the data backup. We use your data exclusively to process your request. Your data is treated in the strictest confidence. It is not passed on to third parties.
Personal data means data about you as a person. This includes your name, your address, and your e-mail address. You do not need to reveal any personal information in order to visit our website. In some cases, we will need your name and address along with other information in order to be able to offer you the service you require.
The same goes for instances where we are providing you with information material at your request or if we are replying to your enquiry. In these situations, we will always inform you that we need your personal data to do this. Moreover, we only store data that you have provided to us automatically or voluntarily.
If you use any of our services, we generally only gather the data needed to be able to offer you that service. We may ask you for further information, however providing this is entirely voluntary. Whenever we are processing personal data, we do this in order to offer you our services or to be able to pursue our commercial objectives.
When contacting us (e.g. by contact form, e-mail, telephone or via social media), the information provided by the inquiring individuals is processed insofar as this is necessary to respond to the contact inquiries and any requested measures.
The response to contact requests in the context of contractual or pre-contractual relationships is made in order to fulfill our contractual obligations or to respond to (pre)contractual inquiries and, moreover, on the basis of the legitimate interests in responding to the inquiries.
- Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms).
- Affected persons: Communication partner.
- Purposes of processing: Contact requests and communication.
- Legal basis: Contract fulfillment and pre-contractual requests (Art. 6(1)(b) GDPR), Legitimate Interests (Art. 6(1)(f) GDPR).
Automatically stored data
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- Complete IP address of the requesting computer
- Transmitted data volume
This data is not merged with other data sources. The processing is conducted in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.
For reasons of technical security, in particular to defend against attempted attacks on our web server, we store this data for a short period of time. It is not possible for us to draw conclusions about individual people on the basis of this data. After a maximum of seven days, the data is anonymized by shortening the IP address at the domain level, so that it is no longer possible to establish a reference to the individual user. In anonymized form, the data is also processed for statistical purposes; a comparison with other databases or disclosure to third parties, even in excerpts, does not occur.
We have created an option for you to decide specifically which cookies you want to accept. The following setting option is also provided to you as a banner at the top of our pages and displayed until you have made your decision.
We only use personal cookies to improve our website or for marketing/advertising purposes with your consent. On your first visit, you can voluntarily agree to tracking or analysis via the cookie banner that appears. If necessary, your data will be passed on to partners or third-party providers. Only if you explicitly agree to this, these cookies will be stored, the legal basis is then your consent according to Art. 6(1)(a) GDPR.
You can also always reach this configuration box for cookies via the green cookie button at the bottom left of all estos.de/ etos.com pages.
Google Tag Manager
We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies, and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transferred to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website.
Google Analytics (4)
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. The website operator receives various usage data, such as page views, duration of visit, operating systems used and origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor. Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in data analysis. Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent according to Art. 6(1)(a) GDPR and Section 25(1) TTDSG. Your consent can be revoked at any time. Data transmission to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google Signals. If you have a Google account, Google Signal's visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.
Google Analytics E-commerce Metrics
This website uses the "E-commerce Metrics" feature of Google Analytics. With the help of e-commerce metrics, the website operator can analyze the purchasing behavior of website visitors to improve its online marketing campaigns. This involves recording information such as orders placed, average order values, shipping costs and the time from viewing to purchasing a product. This data can be summarized by Google under a transaction ID, which is assigned to the respective user or their device.
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads allows us to display advertisements in the Google search engine or on third-party websites when the user enters specific search terms on Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on user data available on Google (e.g., location data and interests) (audience targeting). As website operators, we can evaluate these data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.
The use of this service is based on your consent according to Art. 6(1)(a) GDPR and Section 25(1) TTDSG. Your consent can be revoked at any time. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks und https://privacy.google.com/businesses/controllerterms/mccs/.
This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing analyzes your user behavior on our website (e.g. clicking on certain products) in order to classify you in certain advertising target groups and then play you suitable advertising messages when you visit other online offers (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Remarketing can be linked with Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalized advertising by following this link: https://www.google.com/settings/ads/onweb/.
We use Google Remarketing customer matching, among other things, to create target groups. In this process, we transfer certain customer data (e.g., e-mail addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown matching advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).
We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
The purpose of reCAPTCHA is to verify whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis reCAPTCHA evaluates various information (e.g. IP address, length of time the website visitor spends on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google.
This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of providing an attractive presentation of our online offers and facilitating the easy locating of places indicated on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) of the General Data Protection Regulation (GDPR). Since we have integrated Google Maps using a two-click solution, the corresponding consent is requested. The processing is based solely on Art. 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. Your consent can be revoked at any time.
This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in enhanced privacy mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website unless they watch the video. However, the enhanced privacy mode does not necessarily exclude the transmission of data to YouTube partners. Therefore, regardless of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.
Once you start a YouTube video on this website, a connection to YouTube's servers is established. This informs the YouTube server about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, after starting a video, YouTube may store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting). This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to capture video statistics, improve user-friendliness, and prevent fraudulent activities.
Potentially, after starting a YouTube video, further data processing operations may be triggered over which we have no control. The use of YouTube is in the interest of presenting our online offerings attractively and facilitating the easy locating of places indicated on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) of the GDPR. Since we have integrated YouTube using a two-click solution, the corresponding consent is requested. The processing is based solely on Art. 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. Your consent can be revoked at any time.
This website uses the open-source web analytics service Matomo. Matomo uses technologies that enable cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before storage.
With the help of Matomo, we are able to collect and analyze data on the usage of our website-by-website visitors. This allows us, among other things, to determine when page views occurred and from which region they originate. Additionally, we capture various log files (such as IP address, referrer, used browsers, and operating systems) and can measure whether our website visitors perform certain actions (such as clicks, purchases, etc.).
The use of this analytics tool is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in anonymously analyzing user behavior in order to optimize both the website offering and advertising. If appropriate consent has been obtained, processing is based solely on Art. 6(1)(a) of the GDPR and Section 25(1) of the TTDSG, to the extent that the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) within the meaning of the TTDSG. Your consent can be revoked at any time.
We use IP anonymization for the analysis with Matomo. Your IP address is shortened before the shortened before analysis, so that it is no longer clearly attributable to you. We host Matomo exclusively on our own servers, so that all analysis data remains with us and is not passed on.
We use "estos LiveChat", a software for digital customer contact & video consulting, of the company estos GmbH, Petersbrunner Str. 3a, 82319 Starnberg, on our websites. The software saves your chat history and time of contact with the implementing company in order to save you from further inquiries regarding your possibly detailed queries. For this purpose, estos LiveChat uses databases integrated in your browser (LocalStorage and IndexedDB) to store data in your browser and thereby recognize you even if you visit the site several times.
If you send us data via the contact form, this data will be used by your consultant to better process your request and will be stored on our servers in this context. Your data will only be used by us to process your request. Your data will be treated strictly confidential. Data will not be passed on to third parties. If you do not wish this, please contact the company responsible, your stored data will then be deleted.
To continuously improve your user experience and the quality of the software, estos uses services to collect data on usage (e.g. geo-IP, screen resolution, actions performed) and errors within the software.
We set up password-protected direct access to their stored inventory data (customer account) for each customer who registers accordingly. Here you can add and buy products from your shopping cart, as well as view and manage your customer account. You agree to treat the personal access data as confidential and not to make it accessible to unauthorized third parties. We accept no liability for misused passwords unless we are responsible for the abuse.
We have made technical and administrative security arrangements to protect your personal data against loss, destruction, manipulation, and unauthorized access. All of our employees and service providers working for us are obliged to comply with applicable data protection regulations.
Whenever we collect and process personal data, the data is encrypted before it is transferred anywhere. In other words, your data cannot be misused by third parties. Our security arrangements are constantly being improved and our data privacy statements are constantly reviewed. Please ensure that you are basing your data decisions on the latest version.
estos sales promotions with action code
If you participate in an estos sales promotion with a promotion code, personal data is collected as part of the creation of the promotion code. This consists of your first and last name as well as your e-mail address. This data is passed on to the estos partner who invited you to participate in the respective promotion. In addition, this data is stored in our systems. Legal basis is our legitimate interest according to Art. 6(1)(f) GDPR.
When you register for the newsletter, your e-mail address will be used for our own advertising purposes until you unsubscribe from the newsletter. You can unsubscribe at any time. You will have expressly provided the declaration of consent below separately or as part of the ordering process: We will regularly send you carefully selected offers relating to similar products in our range via e-mail. To send out our newsletter, we use the double opt in process, i.e. we will only send you a newsletter via e-mail if you have previously expressly confirmed that we can enable the newsletter service. We will then send you a confirmation e-mail and ask you to confirm, by clicking one of the links contained in this e-mail, that you wish to receive our newsletter.
If you subsequently no longer wish to receive any more newsletters from us, you can cancel your subscription at any time and incur no other costs than the transmission costs based on basic rates. A message in text form (e.g. e-mail, fax, letter) sent to the contact address detailed in the legal information section of the website is sufficient. Every newsletter of course also contains an unsubscribe link.
Online presence on Facebook, Twitter, LinkedIn, Xing, and YouTube
If you have given your consent pursuant to Art. 6(1)(a) GDPR to the respective social media operator, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presence on the social media platforms mentioned above. Pseudonymous usage profiles will be created from this data. These profiles may be used, for example, to display advertisements within and outside the platforms that are presumed to be of interest to you. Cookies are typically used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as your rights and privacy settings, please refer to the privacy notices linked below. If you need assistance in this regard, please feel free to contact us.
Social Plugins from Facebook, Twitter, LinkedIn, Xing, and YouTube
Our website uses social buttons from social networks. These buttons are simply embedded as HTML links on the page, so no connection is established with the servers of the respective provider when you visit our website. If you click on one of the buttons, the website of the respective social network will open in a new window of your browser. There, you can, for example, click on the Like or Share button.
Which data is processed and what are the sources of this data?
We process the data that we have received from you as part of the contract negotiations or processing, on the basis of consent or as part of your application to us or as part of your employment with us.
Personal data includes:
Your master/contact data, for customers this includes e.g. first and last name, address, contact data (e-mail address, telephone number, fax), bank data.
In the case of business partners, this includes, for example, the designation of their legal representatives, company name, commercial registration number, VAT number, company number, address, contact person contact data (e-mail address, telephone number, fax), bank data.
For visitors to our company, this includes names and signatures.
For journalists, this includes first and last name, e-mail address, fax number.
For what purposes and on what legal basis is the data processed?
We process your data in accordance with the provisions of the General Data Protection Regulation ("GDPR") and the Federal Data Protection Act 2018, as amended from time to time:
- For the fulfillment of (pre-)contractual obligations (Art 6(1)(b) GDPR):
The processing of your data is conducted for the online processing of contracts, for the processing of your employment in our company. The data is processed, in particular, during business initiation and during the execution of contracts with you.
- For the fulfillment of legal obligations (Art. 6(1)(c) GDPR):
Processing of your data is required for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code or the German Fiscal Code.
- For the protection of legitimate interests (Art. 6(1)(f) GDPR):
Based on a balancing of interests, data processing may take place beyond the actual fulfillment of the contract in order to protect the legitimate interests of us or third parties. Data processing for the protection of legitimate interests occurs, for example, in the following cases:
- Advertising or marketing
- Measures for business management and further development of services and products
- In the context of legal prosecution
- Sending of non-promotional information and press releases
- Within the scope of your consent (Art. 6(1)(a) GDPR):
If you have given us consent to process your data, e.g. to send you our newsletter
Processing of personal data for advertising purposes
You can object to the use of your personal data for advertising purposes at any time, either as a whole or for individual measures, without incurring any charges other than the transmission costs according to the basic rates.
We are entitled under the legal conditions of Section 7 (3) of the Act against Unfair Competition (UWG) to use the e-mail address that you provided when concluding the contract for direct advertising for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form is sufficient for this purpose. Of course, an unsubscribe link is always included in every e-mail.
Who receives my data?
If we use a service provider in the sense of commissioned processing, we nevertheless remain responsible for the protection of your data. All commissioned processors are contractually obligated to treat your data confidentially and to process it only in the context of providing the service. The processors we commission receive your data insofar as they require the data to fulfill their respective service. These are, for example, IT service providers that we require for the operation and security of our IT system as well as advertising and address publishers for our own advertising campaigns.
This data will be provided to subsidiary companies within the corporate group if necessary for contract processing. The storage of customer data is done on a company-specific and separate basis, with our parent company acting as a service provider for the individual participating companies. In the event of a legal obligation and in the context of legal prosecution, authorities, and courts as well as external auditors may be recipients of your data. In addition, for the purpose of contract initiation and fulfillment, insurance companies, banks, credit agencies and service providers may be recipients of your data.
How long will my data be stored?
We process your data until the termination of the business relationship or until the expiry of the applicable statutory retention periods (such as from the German Commercial Code, the German Fiscal Code, or the German Working Hours Act); furthermore, until the termination of any legal disputes in which the data is required as evidence.
If personal data is transferred to a third country?
In principle, we do not transfer any data to a third country. A transfer takes place in individual cases only on the basis of an adequacy decision of the European Commission, standard contractual clauses, appropriate guarantees or your express consent.What data protection rights do I have?You have the right to request information, correction, deletion, or restriction of the processing of your stored data at any time. You also have the right to object to the processing, as well as the right to data portability and the right to lodge a complaint, subject to the conditions set forth in data protection law.Right of access to information:You can request information from us as to whether and to what extent we process your data.Right of rectification:If any of your data that we process is incomplete or inaccurate, you can request that we correct or complete it at any time.Right to erasure:If we process your data unlawfully or if the processing interferes disproportionately with your legitimate interests in protection, you may request that we delete your data. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations.Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain the data in this respect.Right to restrict processing:You can request us to restrict the processing of your data if:
- You dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
- The processing of the data is unlawful, but you refuse erasure and instead request restriction of the use of the data.
- We no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims.
- You have objected to the processing of the data.
Right to data portability:
You may request that we provide you with the data you have provided to us in a structured, commonly used, and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that
- we process that data on the basis of consent given by you, which may be revoked, or for the performance of a contract between us; and
- this processing is conducted with the aid of automated procedures.
If technically feasible, you can request us to transfer your data directly to another controller.
Right of objection:
If we process your data based on legitimate interest, you have the right to object to such data processing at any time, including profiling based on these provisions. In that case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims. You can also object to the processing of your data for direct marketing purposes at any time without stating any reasons.
Right of appeal:
If you believe that we are violating German or European data protection laws in the processing of your data, we kindly ask you to contact us to clarify any questions. You also have the right to contact the relevant supervisory authority, the respective state data protection authority, to address your concerns.
If you wish to exercise any of the aforementioned rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.
Am I obliged to provide data?
The processing of your data is necessary for the conclusion or fulfillment of your contract entered into with us. If you do not provide us with this data, we will usually refuse to conclude the contract or will no longer be able to fulfil an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the performance of the contract or that is not required by law.
We reserve the right to modify our data privacy statements if this should become necessary in light of new technologies. Please ensure that you are basing your data decisions on the latest version. If fundamental changes are made to this data privacy statement, we will announce these changes on our website.
All prospective visitors and visitors to our website can contact us if they have any questions relating to data privacy at:
Mr Christian Volkmer
Projekt 29 GmbH & Co. KG
93047 Regensburg, Germany
Tel.: +49 (0)941 2986930
Fax: +49 (0)941 29869316